nanog mailing list archives
Re: BCP38 Deployment
From: goemon () anime net
Date: Wed, 28 Mar 2012 10:11:07 -0700 (PDT)
On Wed, 28 Mar 2012, Bingyang LIU wrote:
the provider may not be able to protect its customers, because ingress filtering (including uRPF) is inefficient when done near the destination. In other words, an ISP can deploy BCP38 or whatever, but still cannot well protect its customers from spoofing attacks from other ASes.
The ASes which enable spoofing need to have some penalty imposed or they will never engage in correct behavior.
Something like throwing all their traffic into scavenger class.If their customers start complaining to them, maybe then they will shape up.
-Dan
Current thread:
- Re: BCP38 Deployment, (continued)
- Re: BCP38 Deployment Leo Bicknell (Mar 28)
- Re: BCP38 Deployment Michael Thomas (Mar 28)
- Re: BCP38 Deployment Leo Bicknell (Mar 28)
- Re: BCP38 Deployment Valdis . Kletnieks (Mar 28)
- Re: BCP38 Deployment David Conrad (Mar 28)
- Re: BCP38 Deployment Leo Bicknell (Mar 28)
- Re: BCP38 Deployment goemon (Mar 28)
- Re: BCP38 Deployment Bingyang LIU (Mar 28)
- Re: BCP38 Deployment Eric Brunner-Williams (Mar 28)
- Re: BCP38 Deployment Bingyang LIU (Mar 28)
- Re: BCP38 Deployment goemon (Mar 28)
- Re: BCP38 Deployment Joe Provo (Mar 29)
- Re: BCP38 Deployment Jon Lewis (Mar 29)
- Re: BCP38 Deployment Joe Provo (Mar 29)
- Comcast Ethernet Feed Brian R. Watters (Mar 29)
- Re: Comcast Ethernet Feed Brielle Bruns (Mar 29)
- Re: Comcast Ethernet Feed Jon Lewis (Mar 29)
- Re: Comcast Ethernet Feed Brielle Bruns (Mar 29)
- Re: Comcast Ethernet Feed Brielle Bruns (Mar 29)
- Re: Comcast Ethernet Feed Brian R. Watters (Mar 29)
- Re: Comcast Ethernet Feed Brielle Bruns (Mar 29)